Cbuf_Execute exploit


(Ragnar_40k) #1

From http://aluigi.org/poc.htm:

Quake 3 engine Cbuf_Execute commands execution universal proof-of-concept 0.1 (q3cbufexec)

universal patcher which gets the original client executable of a game based on the Quake 3 engine and generates a new modified one which converts the ‘;’ chars in the commands sent by the client to carriage-returns for testing a vulnerability which allows to execute server’s game commands through a malformed callvote.
details of the vulnerability are available here and here.
examples of malformed callvote commands to use from the console of the modified game executable:
/callvote map “none;rconpassword empty”
/callvote timelimit “123;rconpassword none”

Is there a patch available for W:ET? It seems this exploit is atm repeatedly used on several servers: http://forum.splatterladder.com/index.php?showtopic=10061&hl=


(-SSF-Sage) #2

Are you sure that link and quote are clever to post here in public, rather than leaving the other and sending that stuff by PM? Or did I misunderstand something? Such a shame that some people hack servers on a free game! :mad:


(kamikazee) #3

It seems that Reyalp coded a LUA fix for ETPro: ETPro forums: exploits actively abused
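
Added example, not part of any post in this thread and not the ETPro Lua fix or the engine's own code: a simplified C model of why the patcher quoted in post #1 swaps ';' for a carriage return, plus the kind of server-side check that blocks it. The function names, the splitting model and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption) of a Quake 3 style command buffer:
 * ';' ends a command only outside double quotes, while '\n' and '\r'
 * end a command everywhere, quoted or not.
 * Returns how many non-empty commands the text splits into. */
size_t count_commands(const char *text)
{
    size_t count = 0, len = 0;
    int in_quotes = 0;

    for (; *text != '\0'; text++) {
        if (*text == '"')
            in_quotes = !in_quotes;
        if ((*text == ';' && !in_quotes) || *text == '\n' || *text == '\r') {
            if (len > 0)
                count++;
            len = 0;
            in_quotes = 0;  /* every command starts with quotes closed */
            continue;
        }
        len++;
    }
    return count + (len > 0 ? 1 : 0);
}

/* Hypothetical server-side check: refuse a client-supplied vote argument
 * that contains any separator before it is copied into a string that will
 * later be executed as a console command. All three characters are refused
 * regardless of quoting, because the argument is re-quoted by the caller. */
int vote_arg_is_safe(const char *arg)
{
    return arg != NULL && strpbrk(arg, ";\r\n") == NULL;
}

int main(void)
{
    /* Constructed inputs; "second_cmd" is a placeholder, not a real command. */
    const char *quoted_semicolon = "map \"none;second_cmd\"";
    const char *quoted_cr        = "map \"none\rsecond_cmd\"";

    printf("quoted ';'  -> %zu command(s)\n", count_commands(quoted_semicolon));
    printf("quoted '\\r' -> %zu command(s)\n", count_commands(quoted_cr));
    printf("filter accepts \"oasis\": %d\n", vote_arg_is_safe("oasis"));
    printf("filter accepts CR input: %d\n", vote_arg_is_safe("none\rsecond_cmd"));
    return 0;
}
```

The quoted ';' stays one command while the quoted carriage return becomes two, which is why a filter has to cover '\r' and '\n' as well as ';'.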